Context On June 28, 2022, ReversingLABS researchers reported a phishing campaign using malicious Microsoft Office files to distribute the new 2.0 version of the AstraLocker ransomware. Researchers assess that the threat actors behind the campaign likely obtained the AstraLocker 2.0 code from the Babuk leak in September of 2021, based on shared code and campaign…
Read More
A vulnerability is a flaw or weakness in a system that, if exploited, would allow a user to gain unauthorized access to conduct an attack. Vulnerability management is the process of identifying, prioritizing, and remediating these vulnerabilities to reduce an organization’s overall risk. Prioritization of vulnerabilities is essential because not all vulnerabilities are going to…
Read More
Context On June 28, 2022, Palo Alto Unit 42 researchers reported technical details and a proof of concept (PoC) exploit code for CVE-2022-30137, which they have designated FabricScape. CVE-2022-30137 is rated at 6.7 or medium severity, and affects Microsoft Service Fabric. Service Fabric is commonly used with Azure and hosts over one million applications daily. Microsoft released a patch…
Read More
Summary The Common Weakness Enumeration (CEV) organization has released their 2022 Top 25 Most Dangerous Software Weaknesses list. This list demonstrates the most common and impactful software weaknesses occurring during the year of 2022. To create the list, the CWE Team leveraged Common Vulnerabilities and Exposures (CVE) data found within the National Institute of Standards and Technology (NIST) National Vulnerability…
Read More
A vulnerability is a flaw or weakness in a system that, if exploited, would allow a user to gain unauthorized access to conduct an attack. Vulnerabilities can exist within applications, operating systems, software, hardware, or anywhere else in your network. They can result from a misconfiguration in a security setting, an organizational policy that falls…
Read More
